Google Trumpets US Federal Open Source Security Initiative

Published: 23/11/2024 | Category: security



A bipartisan bill aims to create a usable framework for the use of open source components when building applications, which Google is urging the private sector to support.



Google is throwing its considerable weight behind a proposed U.S. government-led policy framework aimed at shoring up security for open source software, urging the private sector to support the initiative.

The Securing Open Source Software Act, introduced in the Senate last month [PDF], is a bipartisan bill that would create a security and risk-mitigation blueprint for the federal government's use of open source software.

"We are glad to see a continued emphasis on the importance of open-source software security from the U.S. government, and we hope that both public and private organizations will follow their lead to promote improved cybersecurity for the ecosystem at large," noted Royal Hansen, engineering vice president for Google's trust and safety team, in an Oct. 27 blog post.
Open source software code, i.e., the freely available building blocks for applications of all stripes, is fundamentally the engine that drives modern digital enterprise. But malicious cyber activity against the software supply chain has infamously spiraled in the past few quarters, from SolarWinds to Log4Shell to a cornucopia of malicious and poisoned projects and packages popping up in trusted code repositories like npm.

Hansen noted that seemingly simple questions about the open-source supply chain are still difficult to answer, including:
Does a project contain known vulnerabilities?
Are the project’s maintainers and community following security best practices during software development?
What open source dependencies are part of a particular piece of software?
How secure was the distribution supply chain?
Google has been actively working on the problem, through initiatives like extending its bug-bounty efforts to open source. The industry has championed approaches like software bills of materials (SBOMs) and automated code reviews to help catch vulnerable pieces before they propagate too far across the landscape. Google and other tech giants have also invested millions into nonprofit organizations and software foundations like the Open Source Security Foundation to support open source creators. On the policy side, the US government has embraced SBOMs for agencies, among other moves.

The new federal legislation, if it passes, will encourage more public-private partnership and bring the public sector to the table in even more meaningful ways, according to the tech behemoth.

"Securing open-source software is a shared responsibility, and we look forward to continued collaboration on this urgent, critical problem," Hansen said.
